id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses
19877 wp_kses_stripslashes() should account for single quotes too ethitter "Right now, wp_kses_stripslashes() only removes slashes before double quotes, but should do the same for single quotes.
For example, if wp_kses() is applied to the following string (assuming
If the single quotes are switched to double quotes, the attributes are properly sanitized against the list of allowed tags passed to wp_kses(). Updating wp_kses_stripslashes() to account for both types of quotes eliminates the need to strip slashes before applying wp_kses()." defect (bug) closed normal Formatting 3.3.1 normal wontfix has-patch close